Make a DHCP server using Fedora - Help

Les Mikesell lesmikesell at gmail.com
Wed Nov 19 16:12:54 UTC 2008


Antonio Olivares wrote:
> --- On Wed, 11/19/08, Les Mikesell <lesmikesell at gmail.com> wrote:
> 
>> From: Les Mikesell <lesmikesell at gmail.com>
>> Subject: Re: Make a DHCP server using Fedora - Help
>> To: olivares14031 at yahoo.com, "Community assistance, encouragement, and advice for using Fedora." <fedora-list at redhat.com>
>> Date: Wednesday, November 19, 2008, 5:55 AM
>> Antonio Olivares wrote:
>>> No, there is DNS, and they are the same as the host
>>> machine.  It might be another little thing, maybe the packet
>>> forwarding or Iptables stuff?
>>> Thank you very much for your guidance :)
>>> It is much closer than before.
>>>
>> You have to deal with routing and NAT somewhere.  You might
>> avoid it if you run a nameserver and squid proxy on the host
>> and configure the clients to use the proxy.  Otherwise you
>> need the host to route the packets if you have a NAT gateway
>> elsewhere, or to route and NAT if nothing but the host knows
>> about this subnet.
>>
>> --   Les Mikesell
>>    lesmikesell at gmail.com
> 
> I added the following and saved them iptables-save
> 
> 
> upon reading another page:
> http://chwang.blogspot.com/2007/11/making-linux-fedora-core-8-as-gateway.html


The advice to add:
net.ipv4.ip_forward = 1
to /etc/sysctl.conf only takes effect after the next reboot.  If you 
want to change this on the fly you can:
echo 1 > /proc/sys/net/ipv4/ip_forward

> it says iptables and has this part: 
> 
> # Forward all packets from eth1 (internal network) to eth0 (the public internet)
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> # Forward packets that are part of existing and related connections from eth0 to eth1
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> # Enable SNAT functionality on eth0. a.b.c.d are generally the ip of the eth0
> iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source a.
> 
> I added everything here except last line "Enable SNAT", I do not know what that means, I know it is close.  I can ping the host machine, it gets an ip, it gets DNS, and all, but cannot surf :(

Anywhere you send packets needs some way to get the response back to the 
sender.  One way to do this is to plan things so all of your private 
subnets are unique and add routes toward the gateway interfaces for 
everything else.  Another way is to NAT the source address as it goes 
out the already-known interface.  That way the rest of the world does 
not need to know about your new private subnet.  As a packet goes out, 
the source address of the client will be replaced with the address of 
the forwarding interface and the host performing this will maintain a 
table of connections to do the reverse mapping as the reply packets come 
back.  If you tcpdump your eth0 interface now, you'll probably see 
packets being forwarded out but nothing coming back because the rest of 
the net/world doesn't know the route back.  When you add the SNAT, it 
will look like the host machine itself to the rest of the world.  The 
argument to -s is the range of original addresses to replace, -o is the 
outbound interface, and --to-source is the IP of the outbound interface 
on the host.

-- 
   Les Mikesell
    lesmikesell at gmail.com
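The forwarding and SNAT behaviour Les describes (outbound packets get the gateway's address, replies are mapped back through a connection table, and unsolicited inbound packets on eth0 are dropped by the ESTABLISHED,RELATED rule), as an added toy model that is not code from the thread or from the blog post it quotes; the gateway, client and server addresses are constructed sample values:

```python
"""Toy model of the quoted gateway rules: FORWARD eth1->eth0 accepted,
FORWARD eth0->eth1 only for ESTABLISHED,RELATED, and POSTROUTING SNAT that
rewrites the source address and keeps a table for the reverse mapping."""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"   # constructed: the gateway's eth0 address ("a.b.c.d")
PRIVATE_NET = "192.168.1."   # the -s 192.168.1.0/24 range from the quoted rule


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet is seen on (arrival before, departure after)
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    def __init__(self):
        # conntrack table: public-side 4-tuple of the expected reply -> original client
        self.conntrack = {}

    def forward(self, pkt):
        """Return the packet as it leaves the other interface, or None if dropped."""
        if pkt.iface == "eth1" and pkt.src.startswith(PRIVATE_NET):
            # FORWARD -i eth1 -o eth0 -j ACCEPT, then SNAT: record how the
            # reply will look so it can be mapped back to the private client.
            self.conntrack[(pkt.dst, pkt.dport, PUBLIC_IP, pkt.sport)] = (pkt.src, pkt.sport)
            return replace(pkt, iface="eth0", src=PUBLIC_IP)
        if pkt.iface == "eth0":
            # FORWARD -i eth0 -o eth1 ... --state ESTABLISHED,RELATED: only a
            # packet matching an entry created by outbound traffic gets through.
            orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            if orig is None:
                return None                      # unsolicited inbound: dropped
            return replace(pkt, iface="eth1", dst=orig[0], dport=orig[1])
        return None


def demo():
    """Client on the private subnet fetches a page; a stray inbound packet is dropped."""
    gw = Gateway()
    out = gw.forward(Packet("eth1", "192.168.1.20", 40000, "198.51.100.5", 80))
    back = gw.forward(Packet("eth0", "198.51.100.5", 80, PUBLIC_IP, 40000))
    stray = gw.forward(Packet("eth0", "198.51.100.9", 4444, PUBLIC_IP, 40001))
    return out, back, stray
```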
